Tivix/django-rest-auth
1
1
Fork 0
mirror of https://github.com/Tivix/django-rest-auth.git synced 2025-02-06 21:20:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

removed unusable endpoint when ACCOUNT_LOGOUT_ON_GET==False

Browse Source 
This commit removes the GET method from the LogoutView when  ACCOUNT_LOGOUT_ON_GET==False.
Before this commit, the logout endpoint accepts GET requests and appears in the [auto-generated DRF docs](https://bit.ly/2OMpwKx), but it's not usable.
This commit is contained in:
Moetaz 2018-10-08 13:55:51 +01:00 committed by GitHub
parent 479a40d2cc
commit b3d73bdd7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
rest_auth/views.py
View File

@ -105,12 +105,13 @@ class LogoutView(APIView):
""" """
permission_classes = (AllowAny,) permission_classes = (AllowAny,)
def get(self, request, *args, **kwargs): def __init__(self):
if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', False): if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', True):
response = self.logout(request) self.get = self._get
else: super().__init__()
response = self.http_method_not_allowed(request, *args, **kwargs)
def _get(self, request, *args, **kwargs):
response = self.logout(request)
return self.finalize_response(request, response, *args, **kwargs) return self.finalize_response(request, response, *args, **kwargs)
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):